Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Web cache poisoning with an unkeyed header lab not finishing

Bjartur | Last updated: Dec 10, 2023 11:08AM UTC

Hello, It seems that I have successfully finished the lab but it is not getting marked as completed. I suspect the issue is that the alert only appears when I have the proxy enabled. However, I tried resetting and followed the steps in the video exactly but still the same issue. Even in the video he has the proxy enabled and it gets marked completed. I am doing alert(document.cookie) on my exploit server. This is a screen recording of what's happening: https://imgur.com/gvR1eCf Any idea what's going on here? I have been trying for an hour.

Dominyque, PortSwigger Agent | Last updated: Dec 11, 2023 08:35AM UTC

Hi Bjartur Out of curiosity, do you experience the same issue if you use the embedded browser to complete the lab?

Bjartur | Last updated: Dec 11, 2023 06:41PM UTC

It does work on the Burp browser, but the lab doesn't complete.

Dominyque, PortSwigger Agent | Last updated: Dec 12, 2023 08:59AM UTC

Hi Bjartur For step 11 in our solution: Send your malicious request. Keep replaying the request until you see your exploit server URL being reflected in the response and X-Cache: hit in the headers In your screen recording, your X-Cache was displaying miss and not hit. Can you attempt the lab again, ensuring the X-Cache displays 'hit' before attempting steps 12 and 13? Please let me know how this goes. 

Bjartur | Last updated: Dec 12, 2023 09:02PM UTC

Hi Dominyque I just tried this again exactly like I've been doing before and it just worked. Not sure what happened here :D The cache did display 'hit' now, but I'm pretty sure it did in previous attempts as well. Oh well, problem solved I guess. Thanks so much for your assistance.

Dominyque, PortSwigger Agent | Last updated: Dec 13, 2023 08:24AM UTC

Hi Bjartur Brilliant! I'm glad this has worked for you now.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.